Blocking Attacks from the Incredibly Insecure Internet of Things (IIIoT)


In the wake of the massive attack against DNS provider Dyn, we as a security industry need to ask ourselves “what the hell are we going to do about dumb, insecure IoT devices being used as a bot army?”

In the fallout after the attack, security experts are tasking end users, device manufacturers, hosting providers and ISPs with preventing its recurrence. End users need to change passwords, device manufacturers need to harden their machines, hosting providers need to grow their capability and ISPs need to detect spoofed IPs. Potentially the easiest and fastest way to block massive DDoS attacks is to use the Domain Name System to detect and mitigate bots.

The DNS Knows

The DNS is an incredibly good place to detect and prevent bot activity. Because IP addresses change, every piece of malware needs to call home to get instructions, and when it does so, it queries the DNS. When that query tries to resolve a known Command & Control Center or phishing site, the DNS can hang up the phone, preventing the malware from getting instructions and participating in a denial of service attack.

Every network that services IoT devices could prevent those devices' widespread usage as a botnet if it implemented this service, and Congress wants ISPs to act. The co-founder of the Senate Cybersecurity Caucus, Senator Mark Warner, asked what network management practices could be adopted by ISPs to repel traffic that might emanate from botnets. Although using the DNS to identify and block bots would not help them repel traffic, it would prevent devices on the ISP’s network from participating in a botnet. Such a service protects the very Internet itself by using the backbone of the Internet to detect and then prevent bot activity.
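
The resolver-side check described above, sketched as an added example (not code from the original post or from any vendor): a query name is matched on label boundaries against a blocklist of known Command & Control and phishing zones, and a query log is scanned to find which devices on the network asked for them. The blocklist entries, client addresses and log format are constructed for illustration.

```python
from collections import defaultdict

# Hypothetical threat-feed entries; blocking a zone also blocks every name beneath it.
BLOCKED_ZONES = {"c2.botnet.example", "phish.example"}

def normalize(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()

def matched_zone(qname: str, blocked=BLOCKED_ZONES):
    """Return the blocked zone covering qname, or None if the name is clean."""
    labels = normalize(qname).split(".")
    # Walk from the full name up toward the TLD: a.b.c -> b.c -> c.
    # Matching whole labels avoids substring false positives (notphish.example).
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def policy(qname: str) -> str:
    """Decision the resolver applies: refuse with NXDOMAIN or resolve normally."""
    return "NXDOMAIN" if matched_zone(qname) else "RESOLVE"

def infected_clients(log_lines):
    """Map client IP -> set of blocked zones that client queried."""
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, qname, _qtype = parts
        zone = matched_zone(qname)
        if zone:
            hits[client].add(zone)
    return dict(hits)

# Constructed query log, format assumed: timestamp client qname qtype
SAMPLE_LOG = [
    "2016-11-01T11:10:02Z 192.0.2.10 www.example.org. A",
    "2016-11-01T11:10:03Z 192.0.2.44 Report.C2.Botnet.Example. A",
    "2016-11-01T11:10:05Z 192.0.2.44 c2.botnet.example A",
    "2016-11-01T11:10:07Z 198.51.100.7 login.phish.example. AAAA",
    "2016-11-01T11:10:09Z 192.0.2.10 notphish.example. A",
]

if __name__ == "__main__":
    for client, zones in infected_clients(SAMPLE_LOG).items():
        print(client, "queried blocked zones:", sorted(zones))
```

The per-client result is what lets a network operator both cut off the call home and identify which devices need cleaning up.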

To learn more about using the DNS to block bots, watch the recorded Secure64 webinar, “Defending with DNS.”

Theresa DeGroote
